Default keyStore/trustStore for the Tomcat server

 
Greenhorn
Posts: 8
I have two Tomcat servers. One is the client, and the other one is the server. I need 2-way SSL authentication between them. Now, even if I define entries for the keystore and truststore in server.xml, while sending the certificate or validating the certificate, Tomcat 1 uses its default keystore/truststore. So I restarted Tomcat with -Djavax.net.ssl.trustStore=filepath, etc. Now what will happen to the certificates which are already there inside my default keystore, i.e. jre/lib/security/cacerts? If any request comes with those certificates, will my Tomcat server be able to verify them even if I started Tomcat with some other truststore?

I need to know this very urgently.
Thanks in advance.
 
Ranch Hand
Posts: 220
Sorry, I can't understand your question.
 
sanjay patel
Greenhorn
Posts: 8
My question is:

I have defined the keystore/truststore in server.xml while defining the connector for https. Those file paths are something like:
for truststore = ./trust_certs.jks
for keystore = ./keys_certs.jks

When Tomcat 1 restarts, while initializing https, it loads the certificates/keys which are there in my keystore and truststore. But while calling a webservice on Tomcat 2, it loads the trusted certificates from the default truststore (i.e. /jre/lib/security/cacerts). So I get the error, No trusted certificate found.
 
Ranch Hand
Posts: 87
I had this same issue.
I modified the catalina.sh file. I modified this line:
JAVA_OPTS="-Djavax.net.ssl.trustStore=/filepath/filename.ks -Djavax.net.ssl.trustStorePassword=changeit"

I made the change and bounced Tomcat and it worked.
 
greg stark
Ranch Hand
Posts: 220
Dave,

that's interesting because I would have guessed that tomcat would use the values that sanjay mentioned in the config file to set those same properties in launching the JVM. But I have no experience with Tomcat, so I don't really know what it does.
Thanks.
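
An added example, not part of the original thread: the keystore/truststore set on the connector in server.xml governs connections Tomcat accepts, while outbound calls made from a webapp use the JVM default, and setting -Djavax.net.ssl.trustStore replaces cacerts for the whole JVM rather than adding to it. The sketch below builds a separate SSLContext for the outbound call so the JVM-wide default stays untouched. The class and method names are hypothetical, both stores are assumed to be JKS, and one password is assumed for the store and the key.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Arrays;
import java.util.stream.Stream;
import javax.net.ssl.*;

public class OutboundTls {   // hypothetical helper class, not Tomcat API
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");   // assumption: stores are JKS
        try (InputStream in = Files.newInputStream(Paths.get(path))) { ks.load(in, pw); }
        return ks;
    }

    // A null KeyStore selects the JVM default: javax.net.ssl.trustStore if set, else cacerts.
    static X509TrustManager trustManager(KeyStore ks) throws Exception {
        TrustManagerFactory f = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        f.init(ks);
        for (TrustManager tm : f.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Tries the custom store first, then the JVM default, so neither set of CAs is lost.
    static X509TrustManager either(X509TrustManager custom, X509TrustManager jdk) {
        return new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                try { custom.checkServerTrusted(c, t); } catch (CertificateException e) { jdk.checkServerTrusted(c, t); }
            }
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                try { custom.checkClientTrusted(c, t); } catch (CertificateException e) { jdk.checkClientTrusted(c, t); }
            }
            public X509Certificate[] getAcceptedIssuers() {
                return Stream.of(custom.getAcceptedIssuers(), jdk.getAcceptedIssuers()).flatMap(Arrays::stream).toArray(X509Certificate[]::new);
            }
        };
    }

    static SSLContext context(String keys, String trust, char[] pw, boolean alsoJdkCas) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keys, pw), pw);                 // client certificate and key for 2-way SSL
        X509TrustManager tm = trustManager(load(trust, pw));
        if (alsoJdkCas) tm = either(tm, trustManager(null));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), new TrustManager[] { tm }, null);
        return ctx;   // per call: httpsConnection.setSSLSocketFactory(ctx.getSocketFactory())
    }
}
```

With alsoJdkCas set to true, any CA in cacerts can vouch for the peer, so for a private 2-way SSL endpoint leave it false and trust only the dedicated truststore.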
 